I want to run an apache server (port 80) at 192.168.0.1. What settings must be altered for SuSEfirewall2 when masq is on for 192.168.0.3?
piet
On Tue, 26 Mar 2002 22:09:15 +0100 PR <prooroa@wanadoo.nl> wrote:
I want to run an apache server (port 80) at 192.168.0.1. What settings must be altered for SuSEfirewall2 when masq is on for 192.168.0.3?
Well, you have a choice whether you want to "trust" your internal net or not.
For the masquerading get these:
FW_DEV_EXT="ppp0"
FW_DEV_INT="eth0"
FW_DEV_DMZ=""
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_DEV="$FW_DEV_EXT"
FW_MASQ_NETS="192.168.0.0/24"
To give all your INT net access to all your services:
FW_TRUSTED_NETS="192.168.0.0/24"
If you don't want a Trusted net, you can set up each service individually, but the above will get you going.
Don't forget to set the P to P partner in 192.168.0.3, to masquerade thru 192.168.0.1.
--
$|=1;while(1){print pack("h*",'75861647f302d4560275f6272797f3');sleep(1); for(1..16){for(8,32,8,7){print chr($_);}select(undef,undef,undef,.05);}}
Should I make just port 80 available for 192.168.0.3?
192.168.0.3 is a win98 machine with IE5 as browser.
192.168.0.1 is the linux box with the masq etc. and the apache running.
When entered on the winbox: http://localhost/index.html nothing happens.... Do you know why?
piet
zentara wrote:
On Tue, 26 Mar 2002 22:09:15 +0100 PR <prooroa@wanadoo.nl> wrote:
I want to run an apache server (port 80) at 192.168.0.1. What settings must be altered for SuSEfirewall2 when masq is on for 192.168.0.3?
Well, you have a choice whether you want to "trust" your internal net or not.
For the masquerading get these:
FW_DEV_EXT="ppp0"
FW_DEV_INT="eth0"
FW_DEV_DMZ=""
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_DEV="$FW_DEV_EXT"
FW_MASQ_NETS="192.168.0.0/24"
To give all your INT net access to all your services:
FW_TRUSTED_NETS="192.168.0.0/24"
If you don't want a Trusted net, you can set up each service individually, but the above will get you going.
Don't forget to set the P to P partner in 192.168.0.3, to masquerade thru 192.168.0.1.
On Wed, 27 Mar 2002 09:58:48 +0100 PR <prooroa@wanadoo.nl> wrote:
Should I make just port 80 available for 192.168.0.3?
192.168.0.3 is a win98 machine with IE5 as browser.
192.168.0.1 is the linux box with the masq etc. and the apache running.
When entered on the winbox: http://localhost/index.html nothing happens.... Do you know why?
piet
You need to enter on the winbox http://192.168.0.1 or you might be able to enter your name as listed in /etc/hosts
If the name in /etc/hosts doesn't work, make sure your server address is set up in /etc/httpd/httpd.conf to use that name. It is easier to use the 192.168.0.1
As far as restricting access to port 80 for your internal net, it is better than "trusted nets"; especially if connecting with windows. :-) You can't trust a windows machine.
FW_PROTECT_FROM_INTERNAL="yes"
FW_SERVICES_INT_TCP="80"
FW_TRUSTED_NETS=""
--
$|=1;while(1){print pack("h*",'75861647f302d4560275f6272797f3');sleep(1); for(1..16){for(8,32,8,7){print chr($_);}select(undef,undef,undef,.05);}}
Thanks Zentera, that worked.
Should I run dns for etc/hosts or do I make myself foolish now...
Furthermore: I have, due to my ISP, a non-fixed IP address; still, by setting a time switch to 999999 I can keep an address for quite some time.
What alterations do I have to make to make the apache approachable from the outside world?
piet
zentara wrote:
On Wed, 27 Mar 2002 09:58:48 +0100 PR <prooroa@wanadoo.nl> wrote:
Should I make just port 80 available for 192.168.0.3?
192.168.0.3 is a win98 machine with IE5 as browser.
192.168.0.1 is the linux box with the masq etc. and the apache running.
When entered on the winbox: http://localhost/index.html nothing happens.... Do you know why?
piet
You need to enter on the winbox http://192.168.0.1 or you might be able to enter your name as listed in /etc/hosts
If the name in /etc/hosts doesn't work, make sure your server address is set up in /etc/httpd/httpd.conf to use that name. It is easier to use the 192.168.0.1
As far as restricting access to port 80 for your internal net, it is better than "trusted nets"; especially if connecting with windows. :-) You can't trust a windows machine.
FW_PROTECT_FROM_INTERNAL="yes"
FW_SERVICES_INT_TCP="80"
FW_TRUSTED_NETS=""
Hi,
does anyone know how to switch the 8136too module to 10Mbit/s. I have Suse 7.2 kernel 2.4.
Thanks in advance
Tobias
Well, it may sound stupid but I only want to know which parameter has to be set where to switch the module 8139too on 10Mbit/s full duplex.
If nobody knows it - maybe someone can give me a link. Google was not my friend .... :-(
TIA
Tobias
At 07:36 27.03.02 -0600, Jeffrey Taylor wrote:
mii-tools. Older hardware may not support it.
HTH, Jeffrey
Quoting Tobias Braun <tobias.braun@ruhr-uni-bochum.de>:
Hi,
does anyone know how to switch the 8136too module to 10Mbit/s. I have Suse 7.2 kernel 2.4.
Thanks in advance
Tobias
On Wed, 27 Mar 2002 12:49:35 +0100 PR <prooroa@wanadoo.nl> wrote:
Thanks Zentera, that worked. Should I run dns for etc/hosts or do I make myself foolish now...
/etc/hosts is used as a "local dns" while your system boots, if no dns server is going, or if you don't have one. It's mostly used just to identify hosts on your local net. You could move up to your own dns server if you want, but that is a big step.
Furthermore: I have, due to my ISP, a non-fixed IP address; still, by setting a time switch to 999999 I can keep an address for quite some time. What alterations do I have to make to make the apache approachable from the outside world?
piet
Well, you could try to set your servername in /etc/httpd/httpd.conf to the ip-address you have at the time. Then you would need to change the firewall config to add
FW_SERVICES_EXT_TCP="80"
Then people from the internet should be able to reach your machine's webserver, if they enter the ip number; like http://208.123.456 (or whatever number you have at the time).
I don't see how you could use a dns name, but the raw number should find its way to your machine.
You probably could make a script to do the editing of the httpd.conf and restarting apache automatically.
I'm not sure if your ISP can block port 80 traffic coming in, but that might be a problem. Most ISPs don't like you operating servers from a dialup account. Are you on cable or adsl?
--
$|=1;while(1){print pack("h*",'75861647f302d4560275f6272797f3');sleep(1); for(1..16){for(8,32,8,7){print chr($_);}select(undef,undef,undef,.05);}}
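The settings discussed in this thread (a trusted net versus FW_PROTECT_FROM_INTERNAL with FW_SERVICES_INT_TCP, and FW_SERVICES_EXT_TCP for outside access) can be checked with a small audit script. This is an added example, not part of the original posts and not part of SuSEfirewall2; the function names, finding labels and both sample files are constructed here.

```shell
#!/bin/sh
# Added example: audit SuSEfirewall2-style FW_* assignments without sourcing the file.

# Print the value of the last well-formed NAME="value" line in FILE ($1=FILE, $2=NAME).
fw_get() {
    sed -n "s/^$2=\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# Print one finding per line for FILE.
fw_audit() {
    f=$1
    # An opening quote that is never closed makes the assignment unreliable.
    { grep -n '^FW_[A-Z0-9_]*="[^"]*$' "$f" || true; } | while IFS=: read -r n rest; do
        echo "unterminated-quote: ${rest%%=*} (line $n)"
    done
    trusted=$(fw_get "$f" FW_TRUSTED_NETS)
    if [ -n "$trusted" ]; then
        echo "trusted-nets: $trusted reaches all services"
    fi
    if [ "$(fw_get "$f" FW_PROTECT_FROM_INTERNAL)" != "yes" ]; then
        echo "internal-unfiltered: FW_PROTECT_FROM_INTERNAL is not yes"
    fi
    for p in $(fw_get "$f" FW_SERVICES_INT_TCP); do echo "lan-open: tcp/$p"; done
    for p in $(fw_get "$f" FW_SERVICES_EXT_TCP); do echo "internet-open: tcp/$p"; done
    return 0
}

# Constructed sample: the "trusted net" variant, with one deliberately broken line.
sample_trusted() {
    cat <<'EOF'
FW_MASQ_NETS="192.168.0.0/24"
FW_TRUSTED_NETS="192.168.0.0/24"
FW_PROTECT_FROM_INTERNAL="yes
EOF
}

# Constructed sample: the per-service variant, port 80 open to LAN and Internet.
sample_restricted() {
    cat <<'EOF'
FW_PROTECT_FROM_INTERNAL="yes"
FW_SERVICES_INT_TCP="80"
FW_SERVICES_EXT_TCP="80"
FW_TRUSTED_NETS=""
EOF
}

# Stand-alone use: sh audit.sh /path/to/firewall-config
if [ -n "${1:-}" ]; then fw_audit "$1"; fi
```

Run against a copy of the firewall configuration, each `internet-open` line is a port reachable from outside and should match what is meant to be published.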
broadband cable (but it had to be configured by adsl in yast2)
it is still slow though
piet
zentara wrote:
On Wed, 27 Mar 2002 12:49:35 +0100 PR <prooroa@wanadoo.nl> wrote:
Thanks Zentera, that worked. Should I run dns for etc/hosts or do I make myself foolish now...
/etc/hosts is used as a "local dns" while your system boots, if no dns server is going, or if you don't have one. It's mostly used just to identify hosts on your local net. You could move up to your own dns server if you want, but that is a big step.
Furthermore: I have, due to my ISP, a non-fixed IP address; still, by setting a time switch to 999999 I can keep an address for quite some time. What alterations do I have to make to make the apache approachable from the outside world?
piet
Well, you could try to set your servername in /etc/httpd/httpd.conf to the ip-address you have at the time. Then you would need to change the firewall config to add
FW_SERVICES_EXT_TCP="80"
Then people from the internet should be able to reach your machine's webserver, if they enter the ip number; like http://208.123.456 (or whatever number you have at the time).
I don't see how you could use a dns name, but the raw number should find its way to your machine.
You probably could make a script to do the editing of the httpd.conf and restarting apache automatically.
I'm not sure if your ISP can block port 80 traffic coming in, but that might be a problem. Most ISPs don't like you operating servers from a dialup account. Are you on cable or adsl?
participants (4): Jeffrey Taylor, PR, Tobias Braun, zentara